Executive Summary
The fourth quarter of 2024 saw a 35% increase in ransomware attacks targeting maritime infrastructure compared to Q3. Port operations and offshore wind facilities were primary targets.
Threat Landscape Overview
Ransomware Campaigns
- LockBit 3.0 - Targeting port management systems across Europe
- BlackCat/ALPHV - Focus on offshore energy infrastructure
- Play Ransomware - Attacks on ship management companies
State-Sponsored Activity
Increased reconnaissance activity was observed against subsea cable infrastructure in the Baltic and North Sea regions. The activity is attributed to APT groups with suspected nation-state backing.
Notable Incidents
"A major European port experienced a 3-day operational disruption due to ransomware affecting terminal operating systems. Estimated financial impact exceeded €10 million."
IOCs (Indicators of Compromise)
# Sample IOCs from maritime-targeted campaigns
IP Addresses:
- 185.220.xxx.xxx (C2 infrastructure)
- 192.42.xxx.xxx (Phishing infrastructure)
Domains:
- maritime-security-update[.]com
- port-authority-notice[.]net
File Hashes (SHA256):
- a3f5b9c2... (Malicious Excel macro)
- 7d2e8a1f... (Ransomware payload)
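The indicators above are published defanged, masked and truncated, so they cannot be loaded into a blocklist as-is. The following Python is an added example, not part of the original report: it turns them into matchable forms and runs them over log events. The event field names (`dst_ip`, `host`, `sha256`) and the sample events are constructed assumptions.

```python
import ipaddress
import re

# IOC lines as published above; masked octets and truncated hashes are kept as-is.
IOC_TEXT = """\
- 185.220.xxx.xxx (C2 infrastructure)
- 192.42.xxx.xxx (Phishing infrastructure)
- maritime-security-update[.]com
- port-authority-notice[.]net
- a3f5b9c2... (Malicious Excel macro)
- 7d2e8a1f... (Ransomware payload)
"""

def parse_iocs(text):
    """Return (networks, domains, hash_prefixes) from '- value (label)' lines."""
    nets, domains, hashes = [], [], []
    for value, label in re.findall(r"^- (\S+)(?: \((.+)\))?$", text, re.M):
        if re.fullmatch(r"(\d+|xxx)(\.(\d+|xxx)){3}", value):
            # Masked trailing octets become a CIDR range: 2 known octets -> /16.
            known = [o for o in value.split(".") if o.isdigit()]
            cidr = ".".join(known + ["0"] * (4 - len(known))) + f"/{8 * len(known)}"
            nets.append((ipaddress.ip_network(cidr), label))
        elif "[.]" in value:
            domains.append(value.replace("[.]", ".").lower())  # refang
        elif value.endswith("..."):
            hashes.append((value[:-3].lower(), label))  # prefix only
    return nets, domains, hashes

def match_event(event, iocs):
    """Return a list of (kind, detail) hits for one log event (a dict)."""
    nets, domains, hashes = iocs
    hits = []
    if event.get("dst_ip"):
        addr = ipaddress.ip_address(event["dst_ip"])
        # A /16 spans 65,536 addresses: a triage signal, not a block rule.
        hits += [("ip-range", lbl) for net, lbl in nets if addr in net]
    host = event.get("host", "").lower().rstrip(".")
    # Match the domain itself or a subdomain, never a lookalike suffix.
    hits += [("domain", d) for d in domains if host == d or host.endswith("." + d)]
    digest = event.get("sha256", "").lower()
    hits += [("hash-prefix", lbl) for p, lbl in hashes if digest.startswith(p)]
    return hits

# Constructed proxy/EDR events for demonstration; none come from the report.
EVENTS = [
    {"host": "login.port-authority-notice.net", "dst_ip": "203.0.113.7"},
    {"host": "notport-authority-notice.net", "dst_ip": "198.51.100.9"},
    {"host": "example.org", "dst_ip": "185.220.0.10"},
    {"sha256": "a3f5b9c2" + "0" * 56},
]
```

Range and hash-prefix hits are low-confidence by construction and should be corroborated with a domain hit or a full indicator from the originating feed before any blocking action.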
Defensive Recommendations
- Implement network segmentation between IT and OT systems
- Deploy email security with attachment sandboxing
- Ensure offline backups of critical operational data
- Conduct regular tabletop exercises for ransomware scenarios
- Review and update incident response plans
Outlook for 2025
We expect continued targeting of maritime infrastructure with increased sophistication in OT-specific malware and supply chain attacks targeting maritime equipment manufacturers.